Identify threat issues using Microsoft Defender reports
Several reports are available in the Microsoft Defender portal. Organizations can use these reports to identify threat issues that require responses. This unit describes these reports, how you can use them, and how to find them.
| Report | Description |
|---|---|
| License report | The License report provides information about licenses your organization purchased and uses. To access this report, in the navigation pane, choose Settings, then Endpoints, and then License. |
| Security report | The Security report provides information about your company's identities, devices, and apps. To access this report, in the navigation pane, choose Reports, then General, and then Security report. You can view similar information on the home page of your Microsoft Defender portal. |
| Threat protection | The Threat protection report provides information about alerts and alert trends. Use the Alert trends column to view information about alerts that the system triggered over the last 30 days. Use the Alert status column to view current snapshot information about alerts, such as categories of unresolved alerts and their classification. To access this report, in the navigation pane, choose Reports, then Endpoints, and then Threat protection. You can also use the Incidents list to view information about alerts. In the navigation pane, choose Incidents to view and manage current incidents. To learn more, see View and manage incidents in Defender for Business. |
| Device health and compliance | The Device health and compliance report provides information about device health and trends. You can use this report to determine whether the sensors in Microsoft Defender for Business are working correctly on devices. This report also shows the current status of Microsoft Defender Antivirus. To access this report, in the navigation pane, choose Reports, then Endpoints, and then Device health and compliance. You can use the Devices list to view information about your company's devices. In the navigation pane, go to Assets and then Devices. |
| Vulnerable devices | The Vulnerable devices report provides information about devices and trends. Use the Trends column to view information about devices that had alerts over the last 30 days. Use the Status column to view current snapshot information about devices that have alerts. To access this report, in the navigation pane, choose Reports, then Endpoints, and then Vulnerable devices. You can use the Devices list to view information about your company's devices. In the navigation pane, go to Assets and then Devices. |
| Web protection | The Web protection report shows attempts to access phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and explicitly blocked sites. Categories of blocked sites include adult content, leisure sites, legal liability sites, and more. To access this report, in the navigation pane, choose Reports, then Endpoints, and then Web protection. If you didn't configure web protection for your company, choose the Settings button in a report view. Then, under Rules, choose Web content filtering. To learn more about web content filtering, see Web content filtering. |
| Firewall | The Firewall report shows blocked inbound, outbound, and app connections. This report also shows remote IPs connected by multiple devices, and remote IPs with the most connection attempts. If you didn't configure your firewall protection, in the navigation pane, choose Endpoints, then Configuration management, and then Device configuration. To learn more, see Firewall in Defender for Business. |
| Device control | The Device control report shows information about media usage, such as the use of removable storage devices in your organization. |